<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="inc/conn.asp"-->
<!--#include file="inc/md5.asp"-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>上海紫博蓝后台管理系统</title>
<link href="css/style.css" rel="stylesheet" type="text/css"/>
<script language="javascript" src="js/Judge.js"></script>
<script>
function myjobchk(){
if (document.form.txtusername.value=="")
{alert("用户名不能为空");
document.form.txtusername.focus();
return false;
}
if (document.form.txtpassword.value=="")
{alert("密码不能为空");
document.form.txtpassword.focus();
return false;
}
if (document.form.txtcode.value=="")
{alert("验证码不能为空");
document.form.txtcode.focus();
return false;
}
return(true);
}
</script>
</head>

<body>
<div class="login-head"><span><a title="进入上海紫博蓝网站后台编辑帮助中心" href="http://www.1gbru.com" target="_blank">技术支持与帮助</a></span></div>
<div class="login-main">
  <table width="450" border="0" align="center" cellpadding="9" cellspacing="0" class="login">
   <form id="form" name="form" method="post" action="" onSubmit="return myjobchk();">
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td width="31%" align="right">用户名 </td>
      <td width="69%"><input name="txtusername" type="text" class="login-input" id="txtusername" /></td>
    </tr>
    <tr>
      <td align="right">密码 </td>
      <td><input name="txtpassword" type="password" class="login-input" id="txtpassword" /></td>
    </tr>
    <tr>
      <td align="right">验证码 </td>
      <td><input name="txtcode" type="text" class="login-input" id="txtcode" />
      <img src="inc/Code.asp" width="40" height="10"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input name="button" type="submit" class="login-button" value="登陆" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    </form>
  </table>
</div>
</body>
</html>
<%
if request("button")="登陆" then
name=checkstr(inHTML(request.Form("txtusername")))
password=checkstr(inHTML(request.Form("txtpassword")))
code=checkstr(inHTML(request.Form("txtcode")))
if name="" or password="" or code="" then
	response.write"<script>alert('用户名、密码、验证码不能为空');</script>"
	response.write"<script>window.history.back(-1);</script>"
	response.end
end if

if code-Session("GetCode")<>0 then
	response.write"<script>alert('验证码错误');</script>"
	response.write"<script>window.history.back(-1);</script>"
	response.end 
end if

'判断管理员身份是否合法
set rs=server.CreateObject("adodb.REcordset")
sql="select * from admin where mark=1 and name='"&name&"' and password='"&md5(name&password&name)&"'"
rs.open sql,conn,1,3
if rs.eof then
	response.write"<script>alert('用户名密码输入错误或被高级管理员禁用');</script>"
	response.write ("<script>window.location='login.asp'</script>")
	response.end
else
	response.cookies("admin")("name")=rs("name")
	response.cookies("admin")("password")=rs("password")
	dim ctime
	ctime=5256000
	ctime=dateadd("n",ctime,now())
	response.cookies("admin").expires=ctime
	response.write ("<script>window.location='index.asp'</script>")
end if
set rs=nothing
end if
%>